delegate to the IS to check 3PID signup eligibility

2018-03-13 01:34:20 +00:00 · 2018-03-13 01:34:20 +00:00 · e446077478
parent d82c89ac22
commit e446077478
2 changed files with 27 additions and 4 deletions
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@ -33,6 +33,7 @@ class RegistrationConfig(Config):

        self.registrations_require_3pid = config.get("registrations_require_3pid", [])
        self.allowed_local_3pids = config.get("allowed_local_3pids", [])
+        self.check_is_for_allowed_local_3pids = config.get("check_is_for_allowed_local_3pids", False)
        self.registration_shared_secret = config.get("registration_shared_secret")

        self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
@ -63,6 +64,10 @@ class RegistrationConfig(Config):
        # Mandate that users are only allowed to associate certain formats of
        # 3PIDs with accounts on this server.
        #
+        # Use an Identity Server to establish which 3PIDs are allowed to register?
+        # Overrides allowed_local_3pids below.
+        # check_is_for_allowed_local_3pids: matrix.org
+        #
        # allowed_local_3pids:
        #     - medium: email
        #       pattern: ".*@matrix\\.org"
@ -71,6 +76,7 @@ class RegistrationConfig(Config):
        #     - medium: msisdn
        #       pattern: "\\+44"

+
        # If set, allows registration by anyone who also has the shared
        # secret, even if registration is otherwise disabled.
        registration_shared_secret: "%(registration_shared_secret)s"
--- a/synapse/util/threepids.py
+++ b/synapse/util/threepids.py
@ -16,9 +16,12 @@
 import logging
 import re

+from twisted.internet import defer
+
 logger = logging.getLogger(__name__)


+@defer.inlineCallbacks
 def check_3pid_allowed(hs, medium, address):
    """Checks whether a given format of 3PID is allowed to be used on this HS

@ -28,9 +31,20 @@ def check_3pid_allowed(hs, medium, address):
        address (str): address within that medium (e.g. "wotan@matrix.org")
            msisdns need to first have been canonicalised
    Returns:
-        bool: whether the 3PID medium/address is allowed to be added to this HS
+        defered bool: whether the 3PID medium/address is allowed to be added to this HS
    """

+    if hs.config.check_is_for_allowed_local_3pids:
+        data = yield hs.http_client.get_json(
+            "https://%s%s" % (
+                hs.config.check_is_for_allowed_local_3pids,
+                "/_matrix/identity/api/v1/discover_urls"
+            ),
+            {'medium': medium, 'address': address }
+        )
+        defer.returnValue(data.hs_url+"/" == self.hs.config.public_baseurl)
+        return
+
    if hs.config.allowed_local_3pids:
        for constraint in hs.config.allowed_local_3pids:
            logger.debug(
@ -41,8 +55,11 @@ def check_3pid_allowed(hs, medium, address):
                medium == constraint['medium'] and
                re.match(constraint['pattern'], address)
            ):
-                return True
+                defer.returnValue(True)
+                return
    else:
-        return True
+        defer.returnValue(True)
+        return

-    return False
+    defer.returnValue(False)
+    return